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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days wrill be considered timely. 

- If NO period for reply is specified above, the maximum statutory period waII apply and vAW expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED {35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I )□ Responsive to communication(s) filed on 03 November 2004 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) ^ Claim(s) 1-22 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .1 21 (d). 

I I )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-i 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * 0)0 None of: 

1 .0 Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National iStage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . The Amendment, and remarks therein, received on 1 1/03/2004 have been 
entered and carefully considered. 

2. The Amendment introduces new limitations into the originally sole 
independent claims: 1, 16 and 18. 

3. The newly introduced limitations have required a new search and 
consideration of the pending claims. The new search has resulted in newly 
discovered prior art. New grounds of rejection based on the newly discovered 
prior art follow below. 

4. The text of those sections of Title 35, U.S. Code not included in this action 
can be found in a prior office action. 

Response to Amendment 

5. Applicant's arguments have been carefully considered but they were not 
found persuasive. 

6. As per the argument (in regard to claims 1,16 and 18) that Colby et al. does 
not teach the attempted inter-node communication between application 
components because when the communicating client and server are on 
different networks the server's response to the client would not be an inter- 
node communication between application components within the network, the 
examiner points to the newly discovered art, wherein StalHngs (as discussed 
below) teaches attempted inter-node communication between applikcation 
components. 
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7. As per the argument that if the content-aware flow switch is a processing 
node and if an application is an application component Colby et ai does not 
teach that the content aware flow switch includes an application component 
that communicates with another application component on the server (or on 
the client) the examiner advises applicant that the features upon which 
applicant relies (i.e., the content aware flow switch includes an application 
component) are not recited in the rejected claim(s). Although the claims are 
interpreted in light of the specification, limitations from the specification are 
not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 
1057 (Fed. Cir. 1993). 

8. As per claim 17, applicant argues that the combination of Colby et ai, 
Pfleeger, and Arendt et aL fails to disclose or suggest all of the limitations of 
this claim. However, the examiner found no specifics of applicant's argument 
that the examiner could address. 

9. Claims 1-22 have been examined. 

10. CIaims 1- 3, 5-10, 12,14-16 and 18-20 remain are rejected under 35 U.S.C. 
103(a) as being unpatentable over Colby et al. (U.S. Patent No. 6006264) in 
view of Pfleeger (Charles P. Pfleeger, "Security in Computing", ISBN 
0133374866, 1996) and in further view of Stallings (William Stallings, 
"Cryptography and network security", 2th edition, 1998, ISBN: 0138690170). 

1 1 .Colby et al. teach a cluster-based public computing environment (Colby et a!., 
col. 2 lines 22-33). and communications between service components 
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comprising a network switching system, and a plurality of processing nodes 
interconnected via the network switching system (Web Servers, clients and 
Content-aware flow switch), a plurality of application components loaded onto 
the processing nodes (col. 3 lines 10-28 and col. 1 lines 59-65). Content is 
defined as an application in col. 1 (e.g. Java) and col. 3 says that servers 
service a client request for content. The client itself must have means to 
access the application as well as establish a remote connection between the 
client and server apps. each application component having a respective 
service-access-point defining (i) a network address of the processing node on 
which the application component is loaded and (ii) a port at the processing 
node, the port being associated with the application component (Colby et al., 
col. 2 lines 8-45. col. 3 lines 10-12). Furthermore. Colby et al. teach 
executable logic that responds to an attempted inter-node communication 
between a service and application components but do not teach blocking 
disallowed inter-node communication. Colby et al. do not teach executable 
logic for traffic filtering. 

Pfleeger teaches executable logic solution of filtering traffic (Pfleeger. pg. 
428-430, "Screening Router" section) which blocks disallowed inter-node 
communication using network and VLAN addresses, and port numbers (SAP) 
(Pfleeger. pg. 428-430, "Screening Router" section). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to implement executable logic solution of filtering traffic 
as taught by Pfleeger. One of ordinary skill in the art would have been 
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motivated to perform such a modification in order to implement a security 
policy (PIfeeger, pg. 428, "What is a Firewall" section). 
12. Colby et al. in view of Pfleeger do not explicitly teach the attempted inter-node 
communication resulting from a service access communication received into 
the cluster-based computing environment from an entity external to the 
' cluster-based computing environment via the external network. As a result 
Colby et al. in view of Pfleeger do not explicitly teach applying the filter logic 
to inter-node communication resulting from a service access communication 
received into the cluster-based computing environment from an entity external 
to the cluster-based computing environment via the external network. 
However, as shown by Stallings the attempted inter-node communication 
resulting from a service access communication received into the cluster- 
based computing environment from an entity external to the cluster-based 
computing environment via the external network is inherent for some of the 
data (Stallings, Worms, pg. 504), 

It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to apply the filter logic to all of the data and not to 
exclude inter-node communication resulting from a service access 
communication received into the cluster-based computing environment from 
an entity external to the cluster-based computing environment via the external 
network. One of ordinary skill in the art would have been motivated to 
perform such a modification in order to prevent spread of network worms. 
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13. Pfleeger teaches destination addresses saying that "depending on the 
protocol a . header may contain source and destination addresses" (pg. 430 § 
1). Claim 9 is addressed by the section on pg. 430 where Pfleeger says: "A 
screening router might be configured to block all packets... etc." Claim 15 is 
not explicitly addressed, but obviously if a packet is not allowed it is dropped. 
With respect to claim 19. an agent is limited by neither the claim nor the 
specification; thus it is understood that the software components read on the 
agent. Similarly claim 7 calls for an agent and talks about the interface 
through which instructions may be provided. An interface is a necessary 
component. Claim 7 talks about VLAN. VLAN is logical grouping of two or 
more nodes which are not necessarily on the same physical network segment 
but which share the same IP network number. The address range numbers 
provided by Pfleeger, e.g. 100.50.25.x meet this limitation (pg.430 § 2). 

14. Claims 4, 1 1, 13 and 21-22 remain rejected under 35 U.S.C. 103(a) as being 
unpatentable over Colby et al. (U.S. Patent No. 6006264) in view of Pfleeger 
(Charles P. Pfleeger, "Security in Computing", ISBN 0133374866, 1996) and 
Stallings (William Stallings, "Cryptography and network security", 2th edition, 
1998, ISBN: 0138690170), and in further view of Official Notice for the reason 
discussed in the previous Office Action. 

15. Claim 17 remains rejected under 35 U.S.C. 103(a) as being unpatentable 
over Colby et al. (U.S. Patent No. 6006264) in view of Pfleeger (Charles P. 
Pfleeger, "Security in Computing", ISBN 0133374866, 1996) and Stallings 
(William Stallings, "Cryptography and network security", 2th edition, 1998, 
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ISBN: 0138690170). and in further view Arendt et al. (U.S. Patent No. 
5819091) for the reasons discussed in the previous Office Action. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: Shimbo etai (U.S. Patent No. 6185680). 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the ^terthe adv^ ^ 
action is mailed, and any extension fee pursuant to 37 CFR 1,1 36(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Peter Poltorak whose telephone number is 
(571 )272-3840. The examiner can normally be reached Monday through 
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Thursday from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 
3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory Morse can be reached on (571)272-3838. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). A 
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